Getting the best from the ISF Standard of Good Practice

The ISF has developed the comprehensive and authoritative Standard of Good Practice for information security (SOGP), regarded by many international Blue Chip organisations as the most practical source of information security and information risk-related guidance in the world. Jerakano can help you implement the Standard in an effective, sustainable manner.
Jerakano is best placed to help you make the most of the ISF Standard.
Jason Creasey, the founder of Jerakano, spent 17 years working for the
ISF - much of it as Head of Research and Development - and is the chief
architect behind many of the ISF tools. He is one of the principal
authors of the SOGP - referred to as the ‘Father of the Standard’ - so
our company is well placed to ensure you implement it effectively,
helping you to get the best from the Standard.
What is the purpose of the ISF Standard?
The ISF Standard (SOGP) addresses information security from a
business perspective and provides an ideal basis for assessing and
improving your organisation’s information security arrangements. It
is based on the results of world-wide research projects, analysis of
other leading standards and the latest thinking from leading players in
the information risk arena.
However, there can still be challenges when it comes to adopting
the Standard in practice - and in making sure that it is implemented
effectively in all parts of your organisation in a consistent,
sustainable manner.
So, are you getting the best out of the ISF Standard?
About the ISF
The Information Security Forum (ISF) is an independent, not-for-profit
association of leading organisations from around the world. It is
dedicated to investigating, clarifying and resolving key issues in cyber,
information security and risk management; and to developing best practice
methodologies, processes and solutions that meet the business needs of
its Members. ISF Members benefit from harnessing and sharing in-depth
knowledge and practical experience drawn from within their organisations
and developed through an extensive research and work programme.
The ISF has developed the Standard of Good Practice, which is free to
members of the Information Security Forum and available to purchase for
non-members.
www.securityforum.org
Jerakano also runs research, implementation
and development projects for members and
non-members alike.
Implementing the Standard effectively
Jerakano can enable you to better understand the key concepts behind the
ISF’s flagship Standard of Good Practice (SOGP) and implement it in an effective,
sustainable manner.
We can also help your organisation to take part in the unique ISF Benchmarking service (providing you are a
member of the ISF), comparing your security arrangements in SOGP, ISO 27001 or COBIT 5 format against
those of other similar members, with results being shown in real time.
Jerakano can help you make the most of the ISF Standard in a number of ways. Our services are carefully
tailored to the specific needs of your organisation, but a typical approach would include:
Gaining a high-level understanding of the nature of your business and the approach taken by your organisation for managing information risk enterprise-wide.
Building a profile of the environment to be reviewed, be it the entire organisation, a particular business unit or a critical business system, taking account of the business environment, applications, IT infrastructure, information and people involved.
Identifying your organisation’s current security requirements for that environment, typically based on criticality assessments, risk analysis, compliance obligations and your information classification scheme.
Performing a high-level review of your organisation’s information security arrangements, including a gap analysis against the SOGP, identifying strengths and weaknesses.
Helping you develop a method of monitoring key management information for each of the 119 topics in the ISF Standard, such as: determining applicability and importance to your business; assigning responsibility and accountability; identifying breadth and depth of coverage; assessing level of implementation; tracking progress status; and considering the degree of automation.
Producing a systematic, structured report, summarising key findings and recommending pragmatic actions for addressing them, including